Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

You can join Glitch City Research Institute to ask questions or discuss current developments.

You may also download the archive of this forum in .tar.gz, .sql.gz, or .sqlite.gz formats.

Generation I Glitch Discussion

Where to start for understanding exactly how glitches work programming-wise? - Page 1

Where to start for understanding exactly how glitches work programming-wise?

Posted by: vhs
Date: 2017-10-22 23:21:25
Hiya. I'm completely and totally a new person to this forum, and honest to god I don't quite know where else to look for this, but I'd like to find out where I can learn exactly how gen-1 glitches work in terms of things like hexadecimals and how people can abuse them to achieve different things. I've been interested in glitches for R/B/Y for a long portion of my life and I wish to understand more, however I've reached the hurdle of actually understanding the programming of the game itself.
If there's a post that explains all of this that I've overlooked, my sincere apologies. Thank you for your time.

Re: Where to start for understanding exactly how glitches work programming-wise?

Posted by: Couldntthinkofaname
Date: 2017-10-23 06:21:32
Hi!

If you're looking for gen 1 glitch information, most of it can be found here at the Gen 1 glitch discussion child board. Most posts here are well explained in technological terms.

If you have a question, feel free to ask!

Re: Where to start for understanding exactly how glitches work programming-wise?

Posted by: ISSOtm
Date: 2017-10-23 12:54:21
I think the first thing you need to understand the internal of glitches - any generation included - is coding. Have solid programming knowledge. This way - even not looking at the game's code ! - you can get a grasp of how "things work". Then, though things were programmed so this happens, what would happen if *this* happened instead ? (To put it differently, there are many different ways to have an given action trigger another, but they have different effects when unintended situations are encountered.) That's what you need to understand to get "how glitches work programming-wise".

To be fair, when I started, I had no idea how the Game Boy worked. I researched how WTW worked by poking around memory, not even code.

Re: Where to start for understanding exactly how glitches work programming-wise?

Posted by: Torchickens
Date: 2017-11-04 21:45:09
Hi vhs. :) That's OK! I started in a similar position of not knowing much about the game's code or programming.

Related to what ISSOtm said, I personally feel before understanding the Game Boy's programming (CPU) it's important to understand the system's memory structure (which in this case of RBY/GSC is sometimes called the Game Boy bus and is described here).

The region that is at C000-CFFF, D000-DFFF, E000-FDFF (and sometimes A000-BFFF, 8000-9FFF) is usually the region that cheating devices for the Game Boy/Color such as the GameShark will change. For example, you might know of the code 01xx59D0 that allows you to fight any Pokémon in Red/Blue. What this code does is write a value to the banked RAM (also known as WRAM) address D059.

What RAM essentially is (although I don't personally understand electronical side of it, and most of the time you don't need to) is like you're making database of many changeable things in run-time (or in the case of SRAM save file data), whether it be how many badges you have, the species of the wild Pokémon in battle, your character's name, to as intricate as the tile on the screen at specific coordinates. On many occasions changing a RAM address will apply the change in game (although there are exceptions, for debugging the developer's might store the value there only like scratch paper).

I feel a good place to begin is by using a memory editor (or cheating device although the process takes longer) to set up glitches. These glitches could be techniques such as the old man glitch, out of bounds values like glitch items with IDs beyond hexadecimal 53 and so on.

When you do this I feel it's best to familiarize yourself with the hexadecimal number system. Our system, decimal has numbers ranging from 0 to 10. Hexadecimal has values ranging from 0 to 15 before you move on to the next digit, and decimal values 11 to 15 are written in hexadecimal as 0A-0F.

When clarifying that a number is in hexadecimal, we give it the prefix 0x or $ (depending on your preference); so 5A could be represented as 0x5A or $5A. The 0x doesn't mean "zero times", and I don't know why they chose it but it's like that.

If you're using Windows, Windows Calculator on Programmer mode is a great way to convert decimal to hexadecimal.

Simply enter a number in the "dec" field and then click on "hex", and the calculator will convert it for you.

[img]https://i.imgur.com/IAPbM8g.png[/img]

We also have an article about hexadecimal here that tells you how to make conversions by hand if you ever need to do that. :)

This table known as the Big HEX List documents the hex values you need (for a memory editor such as the emulator BGB's and Visual Boy Advance (VBA)'s and the xx in a GameShark code) to obtain certain things.

For a list of memory addresses or GameShark codes I suggest the following resources:

1. Datacrystals' Pokémon Red and Blue RAM Map

2. Pokémon Red disassembly WRAM map (more complete)

3. Our wiki's GameShark codes archive

If you ever need to convert a GameShark code to a memory address and vice versa, consider a GameShark code as 01xxYYZZ. Address ZZYY should be the memory address for most memory editors. The reason for this is the older GameSharks always work by writing a value to a memory address, and that memory address is stored in the code in a format known as little-endian; meaning the smaller values go first. Hence 01xx59D0 is modifying big-endian D059.

If you want to get into testing out a particular glitch quickly on an emulator, I have prepared save files on my Google Sites (link), which you can use by saving them in the same directory as a ROM of the same name (for BGB) or using the import battery file feature from File>Load Game (for VBA).

In terms of programming, basically glitch items such as 8F (Red/Blue) and ws m (Yellow) will interpret RAM as programming code (known as arbitrary code execution). ROM is read-only and is often reserved for both code (such as the routine to start a new game), as well as data that shouldn't be changed during gameplay (like PIDGEY's species name for instance). Nothing stops the game executing RAM as code (in fact some games intentionally do this; not just HRAM), so using a software vulnerability like an out of bounds glitch item we can execute code from a certain address in RAM.

The game reads the hexadecimal bytes and doesn't consider the nature of what it is (hence a Lemonade for instance is 3E XX), but each hexadecimal value corresponds with an opcode (instruction) or operand (parameter for instruction only if the instruction precedes it). Most opcodes are covered on the Big HEX List linked above, but if you want a plainer version I personally suggest IIMarckus' text file.

This document is what helped me in understanding some of the basics in Game Boy programming, and the registers (like memory addresses but used by the hardware for almost every purpose): a, b, c, d, e, h, l, sp.

This is an example code:

ld a,0x15
ld (d059),a
ret

Here we store the value 0x15 (Mew's hex ID) into a. a is then moved into d059, and the ret is necessary to terminate the code. This results in us encountering a wild Mew.

Hope this helps! If you like I can help you learn more :)

Remember though: baby steps. I feel it's a good approach to take your time and try out things one step at a time, and when you perform a glitch deconstruct it by doing something slightly different to see how it changes things. It was only until a few years ago I started experimenting with the programming side of glitches.

Re: Where to start for understanding exactly how glitches work programming-wise?

Posted by: Parzival
Date: 2017-11-05 11:17:32
Hex can also be represented as xxh, the h being at the end of the number and denoting a hex number.